<?PHP
// Submitted login fields; they stay empty until a POST request fills them in.
$fcomid = $femail = $fpword = '';
// Status messages echoed by the page markup further down.
$errorMessage = $happymessage = '';
//==========================================
//	ESCAPE DANGEROUS SQL CHARACTERS
//==========================================
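/**
 * Prepare a request value for interpolation into a MySQL statement.
 *
 * Values that pass is_numeric() are returned unchanged and WITHOUT quotes;
 * every other value is escaped with mysql_real_escape_string() on the given
 * connection and wrapped in single quotes.
 *
 * Security notes:
 *  - Only values that went through this function are safe to place in a query
 *    string; any request value interpolated without it is an injection point.
 *  - is_numeric() accepts more than plain integers (decimals, exponent
 *    notation, leading whitespace and, before PHP 7, hexadecimal strings).
 *    Such values reach MySQL unquoted and are parsed as numbers there, so
 *    "007" and "7" compare equal. The behaviour is kept because callers and
 *    stored data may depend on it.
 *  - mysql_real_escape_string() escapes for the connection's character set,
 *    so the link's charset must match the one the server actually uses.
 *  - ext/mysql was removed in PHP 7.0. Parameterised statements (mysqli or
 *    PDO) are the durable replacement for this helper.
 *
 * @param mixed    $value  Raw value taken from the request.
 * @param resource $handle Open ext/mysql link used for escaping.
 * @return mixed The unchanged numeric value, or a single-quoted escaped string.
 */
function quote_smart($value, $handle) {

   // get_magic_quotes_gpc() no longer exists on PHP 8, so test for it first
   // instead of failing with an undefined-function error.
   if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
       // Undo the automatic slashes so the value is not escaped twice.
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }

   return $value;

}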
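//==========================================
//	HANDLE A SUBMITTED LOGIN FORM
//==========================================
// Looks the member up by e-mail, password hash and company ID. On success it
// fills the session and redirects; on failure it sets $errorMessage for the
// markup below.
if (!empty($_POST)){
	// A missing key or a non-string value (e.g. "email[]=x") is treated as an
	// empty field rather than raising notices or passing an array onwards.
	$fcomid = (isset($_POST['companyid']) && is_string($_POST['companyid'])) ? $_POST['companyid'] : "";
	$femail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";
	$fpword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

	// NOTE(review): HTML-encoding is the wrong escaping context for a database
	// lookup and it alters passwords containing & < > ". It is kept because the
	// stored e-mail and password hash were presumably created the same way at
	// registration; confirm before removing.
	$femail = htmlspecialchars($femail);
	$fpword = htmlspecialchars($fpword);

	if ($fcomid === "" || $femail === "" || $fpword === "") {
		// Nothing to look up, so skip the database round trip.
		$errorMessage = "Error logging on, be sure to fill in all the details.";
	}
	else {
		//==========================================
		//	CONNECT TO THE LOCAL DATABASE
		//==========================================
		// NOTE(review): ext/mysql was removed in PHP 7.0. Moving to mysqli or
		// PDO prepared statements removes the need for manual escaping.
		require 'config.php';

		$db_handle = mysql_connect($server, $user_name, $pass_word);
		$db_found = $db_handle ? mysql_select_db($database, $db_handle) : false;

		if ($db_found) {
			// Every request value goes through quote_smart() before it is put
			// into the statement. The company ID used to be interpolated raw,
			// which let a crafted value change the query.
			$sqlEmail = quote_smart($femail, $db_handle);
			$sqlPword = quote_smart($fpword, $db_handle);
			$sqlComid = quote_smart($fcomid, $db_handle);

			// NOTE(review): unsalted MD5 is not a password hash. Moving to
			// password_hash()/password_verify() requires changing how hashes
			// are stored, which is outside this block.
			$SQL = "SELECT * FROM members WHERE email = $sqlEmail AND password = md5($sqlPword) AND comid = $sqlComid AND verified = '1' ";
			$result = mysql_query($SQL, $db_handle);

			$redirect = "";

			// Only read from $result once the query is known to have succeeded.
			if ($result) {
				$rowq = mysql_fetch_array($result);

				if (is_array($rowq)) {
					$frank = $rowq['rank'];

					session_start();
					// Issue a fresh session ID at the privilege change so an ID
					// planted before login cannot be reused (session fixation).
					session_regenerate_id(true);
					$_SESSION['login'] = "1";
					$_SESSION['comid'] = $rowq['comid'];
					$_SESSION['memid'] = $rowq['id'];
					$_SESSION['frank'] = $frank;
					$_SESSION['recon'] = '1';

					// ext/mysql returns column values as strings, hence the
					// loose comparison against 2.
					$redirect = ($frank == 2) ? "view.php" : "home.php";
				}
				else {
					// One message for every mismatch, so the response does not
					// reveal which field was wrong.
					// NOTE(review): this link targets passforgot.php while the
					// page footer links to iforget.php; confirm which exists.
					$errorMessage = "Email, password or company ID incorrect<p align=\"center\"><a href=\"passforgot.php\">Forgot your password?</a>";
				}
			}
			else {
				$errorMessage = "Error logging on, be sure to fill in all the details.";
			}

			mysql_close($db_handle);

			if ($redirect !== "") {
				header("Location: " . $redirect . "?time=" . time());
				// Stop here so the login form is not rendered behind the redirect.
				exit;
			}
		}
		else {
			if ($db_handle) {
				mysql_close($db_handle);
			}
			$errorMessage = "Error logging into database";
		}
	}

}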


?>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="initial-scale=1.0, user-scalable=no">
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black">
  <title>iPetty Login</title>
  
  
  
  <link rel="stylesheet" href="/jquery/style.css">
  
  <!-- Extra Codiqa features -->
  <link rel="stylesheet" href="codiqa.ext.css"><style type="text/css">

  </style>
  <link href="styling.css" rel="stylesheet" type="text/css">
  <!-- NOTE(review): the three scripts below are fetched from a third-party
       CDN host without an integrity attribute, on the page that collects
       credentials. Whatever that host serves runs with full access to the
       login form. Self-hosting pinned copies, or adding Subresource Integrity
       (integrity + crossorigin), removes that dependency. jQuery 1.9.1 and
       jQuery Mobile 1.3.1 are also far behind current releases. -->
  <!-- jQuery and jQuery Mobile -->
  <script src="https://d10ajoocuyu32n.cloudfront.net/jquery-1.9.1.min.js"></script>
  <script src="https://d10ajoocuyu32n.cloudfront.net/mobile/1.3.1/jquery.mobile-1.3.1.min.js"></script>

  <!-- Extra Codiqa features -->
  <script src="https://d10ajoocuyu32n.cloudfront.net/codiqa.ext.js"></script>
   
</head>
<body>
<!-- Home -->
<div data-role="page" id="page1">
    <div data-theme="a" data-role="header">
        <h3>
            iPetty
        </h3>
    </div>
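    <?php /* Both messages are printed unescaped because, in this file, they only ever hold fixed server-defined text (the error may carry a link). Never assign request data to them. Full "<?php" tags are used so the output does not depend on short_open_tag. */ ?>
    <h4 align="center" style="color:#F00"><?php echo $errorMessage; ?> </h4>
    <h4 align="center" style="color:#0C3"><?php echo $happymessage; ?> </h4>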
    <div data-role="content">
    <FORM NAME ="formilate" METHOD ="POST" ACTION ="index.php" id="log">
    <div data-role="fieldcontain">

            <input name="companyid" id="companyid" placeholder="Company ID" value="" type="text" required class="number">
        </div>
        <div data-role="fieldcontain">

            <input name="email" id="email" placeholder="Email" value="" type="email" required class="email">
        </div>
        <div data-role="fieldcontain">
            <input name="password" id="password" placeholder="Password" value="" type="password" required>
        </div>
        <INPUT TYPE = "Submit" Name = "Submit1"  VALUE = "Log In">


</FORM>
<script src="jquery.validate.js"></script>
<script>
$("#log").validate();
</script>
    </div>
    <p align="center"><a href="iforget.php">Forgot your password?</a></p>
   <strong><p align="center"> If your company does not have an account yet, please <a href="register.php">register</a></p></strong>
</div>
</body>
</html>
